Tuesday, March 26, 2019

8-ary constellation bursts at 12800bps data rate

For background it might be helpful to read the relevant entries in i56578's blog.

Two consecutive bursts centered on 2670 kHz are shown below in terms of 287-symbol long frames. The preamble and mini-probes have been descrambled (gr-digitalhf) and therefore have phases close to 0 rad. There are 13 frames with payload data per burst, each one having 256 symbols/frame:

Symbols after adaptive filtering and descrambling of MIL-STD-110C known symbols for consecutive bursts

These signals are fully compatible with the MIL-STD-110C standard for the 12,800 bps data rate; note that for 12,800 bps the standard specifies no requirements on the interleaver or on the error coding. As was observed before, only 8 points out of the QAM-64 constellation are used.

Looking closer at the payload, a periodicity of 160 symbols was found. In terms of 160-symbol long frames the payload is shown below:

Payload in terms of 160 symbol frames.
The fact that (symbol)² above is the same for all frames indicates that the payload consists of BPSK-modulated data which is scrambled to the 8PSK-like constellation. So what is left is to determine the scrambling.

It turns out that the scrambling sequence used is based on one of the scrambling sequences specified in STANAG 4538, i.e., it can be obtained as an extrapolation of one of the S4538 scrambling sequences: writing the 3-bit scrambling sequence in binary notation as PN(i) = bA(i)B(i)C(i), one can verify that A(i), B(i), and C(i) are subsequences of the same pseudo-random binary sequence generated by a certain LFSR. Determining the LFSR and the offsets of the subsequences is left as an exercise for the interested reader.

Once the payload symbols are descrambled, it becomes apparent that they consist of 104 Walsh-modulated di-bits (104×32 = 13×256) where each 4-symbol long Walsh symbol is repeated 8 times:

Descrambled payload revealing 104 Walsh-coded di-bits. 

Sunday, March 24, 2019

Interesting MSK-modulated signals on HF (2)

This is an update of the last blog post.

Yesterday, another signal was picked up for which both the "X" and the "Y" bit streams were generated by the same LFSR with polynomial [3,1,0] × [17,16,15,14,13,12,10,8,5,4,0] and period N = (2³−1)×(2¹⁷−1) = 917,497. The cross-correlation between "X" and "Y" shows that the "X" bit stream is offset w.r.t. the "Y" bit stream by M = (N−1)/2 = 458,748 bits.

"X" and "Y" bit stream cross-correlations

The data in the "X" channel can be descrambled as follows
    b(i) = XOR(~Y(M+i), X(i)),
and the auto-correlation of the descrambled bits b(i) has peaks at multiples of 48 bits:

Autocorrelation of the descrambled bit stream
In terms of 240 bit frames the descrambled bits look like this:

Descrambled bit stream in terms of 240-bit frames

and in terms of 48-bit frames:

Descrambled bit stream in terms of 48-bit frames
Here one can see that the descrambled bits come in pairs
    b(2i) = b(2i+1)
so there are 24 pairs of bits per 48-bit frame. These 24 bits are not independent: they are determined by 6 bits only:
 1  ~3    4  6 13  ~20
 2   9  ~15
 5  18 -~21
 7   8   11 16 19 -~23
10  17
12  14 -~22
where ~P denotes logical NOT of bit number P and -P denotes a bit at position P from the previous frame.

These 6 bits are likely not independent. Interpreting them as a 6-bit binary number, the histogram of these numbers shows that they are not equally probable:

Histogram of 6-bit frame interpreted as 6-bit binary numbers

Thursday, March 21, 2019

Interesting MSK-modulated signals on HF

Recently, a number of MSK-modulated signals with bandwidth ≈48 kHz were picked up on various KiwiSDRs on frequencies including 6840, 7730, 9490, 10640, 10840, 14730, 14780, and 14830 kHz. For some of these signals a TDoA analysis has been performed, pointing to a location close to Chicago:

TDoA
Since the bandwidth of these signals exceeds the available bandwidth of a single KiwiSDR channel, three recordings spaced 15 kHz apart were coherently combined using gr-kiwisdr.

The power spectrum of FFT(IQ²) shows two clear peaks at ±24 kHz, so these signals are MSK modulated with 48,000 baud data rate.


FFT(IQ²) showing two clear peaks at ±baud/2 → MSK modulation

For the coherently combined recording, the MSK demodulation quality plots shown below indicate that the quality is sufficient for extracting bit streams. These and the following plots were made with Octave code based on signal-analysis.

MSK demodulation quality plots

Using a coherent demodulation technique the "X" and "Y" bit streams were obtained, where the "X" bits are modulated onto cos(t) and "Y" onto sin(t). The data rate for both "X" and "Y" is 24,000 bits/sec.

The autocorrelations of the "X" and "Y" bit streams do not reveal any frame structure, i.e., "X" and "Y" look like streams of perfectly random bits. However, it turns out that the "Y" bit stream is entirely made up of a pseudo-random sequence generated by an LFSR, so this presumably is how the start locations of frames can be recovered from the received signal.

The taps for the length-20 LFSR generating the "Y" bit stream are
   T = [11011101101101101101],
where the LFSR taps T are defined such that the following property holds for a given bit sequence b
   b(i) == mod(sum(b(i-20:i-1) .* T), 2)

The period of this LFSR was determined by simulating 2M bits using the found taps and a start state taken from the data. It is N = 917,497 = (2³−1)×(2¹⁷−1). The fact that N factorizes indicates that the polynomial in GF(2) defined by T is not prime, and indeed:
    [20,19,17,16,15,13,12,10,9,7,6,4,3,1,0] = [3,1,0] × [17,16,15,14,13,12,10,8,5,4,0].
A valid start state S which generates "Y" is
    S = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1].
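
The tap vector, factorization and period quoted in this post (and reused in the March 24 update) can be checked directly. The following is an added example, not the author's Octave code; it assumes T(1) multiplies the oldest bit b(i-20), as in the recurrence above, and all function names are chosen here for illustration.

```python
# Added example: verify the LFSR taps, polynomial factorization and period from the post.
# GF(2) polynomials are stored as ints, bit k = coefficient of x^k.

TAPS = int("11011101101101101101", 2)   # T from the post; T(1) (oldest bit) is the MSB
NBITS = 20
MASK = (1 << NBITS) - 1
START = 1                               # S = [0,...,0,1]: only b(i-1) is set


def poly(exponents):
    """Build a GF(2) polynomial from an exponent list such as [3, 1, 0]."""
    return sum(1 << e for e in exponents)


def gf2_mul(a, b):
    """Carry-less (GF(2)) polynomial multiplication."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def taps_to_poly(taps):
    """T(j)=1 taps b(i-21+j), i.e. delay 21-j, so the feedback polynomial is
    1 + sum of x^delay: shift the tap mask up by one bit and add x^0."""
    return (taps << 1) | 1


def lfsr_step(state):
    """state holds b(i-20..i-1), oldest bit as MSB; returns (new_state, b(i))."""
    bit = bin(state & TAPS).count("1") & 1      # mod(sum(b .* T), 2)
    return ((state << 1) | bit) & MASK, bit


def lfsr_period(start=START):
    """Number of steps until the register returns to `start`."""
    state, n = lfsr_step(start)[0], 1
    while state != start:
        state, n = lfsr_step(state)[0], n + 1
    return n


if __name__ == "__main__":
    f = gf2_mul(poly([3, 1, 0]), poly([17, 16, 15, 14, 13, 12, 10, 8, 5, 4, 0]))
    print("factorization matches taps:", f == taps_to_poly(TAPS))
    print("period:", lfsr_period(), "expected:", (2**3 - 1) * (2**17 - 1))
```

The period search steps through the full cycle of 917,497 states, so it takes on the order of a second in CPython.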

The ~"Y" bit stream is generated by an LFSR with 20 taps.

No structures have yet been found for the "X" bit stream which presumably carries data.





Saturday, March 16, 2019

KiwiSDR IQ data streams with >20.25 kHz bandwidth (5)

By now, gr-kiwisdr can coherently combine between 2 and 6 IQ data streams recorded from the same KiwiSDR.

Following an idea by WA2ZKD, the following test was made with DRM signals: three data streams were recorded, one centered on the DRM signal on 15120 kHz and two more centered on 15112.5 kHz and on 15127.5 kHz, which were then coherently combined into a single data stream. The GNURadio display is shown below:

Coherent combination of two IQ data streams using gr-kiwisdr.


Both the WAV file centered on 15120 kHz and the combined WAV file were successfully decoded by DREAM:

DREAM display

The SNR is comparable for both files, taking into account that it fluctuates by about ±0.5 dB:

DREAM waterfall display for the combined WAV file.

DREAM waterfall display for the WAV file recorded on the center frequency.


Only one slight difference was found in the SNR per carrier display: although the SNR per carrier is fluctuating quite a lot, for the combined WAV file there is a dip around the center which is not there for the WAV file recorded on the center frequency:

DREAM SNR per carrier display for the combined WAV file.

DREAM SNR per carrier display for the WAV file recorded on the center frequency.

Wednesday, March 6, 2019

KiwiSDR IQ data streams with >20.25 kHz bandwidth (4)

This is a follow-up to this blog post.

The figure below summarizes how three IQ data streams with equal frequency offsets Δf are combined into a single IQ data stream with sampling frequency 4Δf:

Coherent combination of three KiwiSDR IQ streams

Note that the center frequencies are set to exact values, using GNSS timestamps to correct the local KiwiSDR oscillator, while the sampling frequencies of the IQ data streams are derived from the local KiwiSDR oscillator and are not exact. As a consequence the three IQ data streams are not coherent.

The three IQ data streams can be made coherent by 1) correcting for the frequency offsets and 2) aligning the relative phases.

1) Correcting for the frequency offset 

One way of describing this correction is by comparing a signal in stream#1 with frequency ΔF/2 and another signal in stream#2 with frequency -ΔF/2, taking into account that there are two different sampling rates: the true (GNSS aligned) sampling rate $F_s$ and the sampling rate according to the state of the local KiwiSDR oscillator, $F'_s$:

$$z_1(n) = \exp\{2\pi i n\,\Delta F/(2F'_s)\}$$

$$z_2(n) = \exp\{2\pi i n\,\Delta F/F_s - 2\pi i n\,\Delta F/(2F'_s)\}.$$

The beat offset signal is given by

$$z_1^*(n)\,z_2(n) = \exp\{2\pi i n\,\Delta F\,(1/F_s - 1/F'_s)\},$$

and is used to correct for the frequency offset, where $F'_s$ is determined from the GNSS time tags in the KiwiSDR IQ streams.

2) Relative phase alignment 

Having corrected the frequency offsets, we are left with constant relative phase differences, Δϕ(0,1) and Δϕ(1,2). These global phase offsets are estimated by cross-correlating the overlapping parts of the spectra, indicated in yellow in the figure above. GNURadio makes it easy to do this, using a combination of freq_xlating_ccf and conjugate_cc and a simple block which estimates the phase difference between two vectors of IQ samples.

Because the overlaps between IQ streams are needed to estimate the phase offsets, recordings with kiwirecorder.py should use the full available bandwidth.

The method described above has been implemented using GNURadio and is available as part of gr-kiwisdr. Please note that this is work in progress and might need further improvements.

As can be seen in the updated GRC flowgraph below, IQ stream sample alignment, the correction for coherence, and the PFB synthesizer were combined into a single GNURadio block, called coh_stream_synth. In addition, exp{iΔϕ(0,1)} and exp{iΔϕ(1,2)} are shown in a constellation diagram display in order to monitor phase coherence (=stable relative phases).

GRC flowgraph

Using the GNURadio PFB synthesizer with 2× oversampling (twox=True), edge effects at the boundaries between IQ data streams are avoided:

Coherent combination of three IQ streams @12 kHz into a single IQ stream @32 kHz.